Best VPNs for Tor users to maximize privacy

Speed and privacy are usually the top considerations when looking for the best VPN for Tor. Both Tor and VPNs will reduce your speed, choosing the wrong VPN may make Tor all but unusable. We found just 4 VPNs we were happy to recommend for Tor users. Read on to see our top picks.

Tor and a VPN are both tools that use a combination of proxies and encryption to make it difficult for snoopers to track you. While they share some similarities, the key difference is that Tor is for anonymity, and a VPN is for privacy. The two can be used in tandem to further bolster both privacy and anonymity. This article will cover the best VPNs for Tor and explain how to use a Tor VPN.

We’ve evaluated the best VPNs for Tor based on the following criteria:

Panama-based NordVPN gives users access to specialized servers pre-configured with Tor over VPN, which means all traffic is first sent through the VPN and then automatically redirected through the Tor network. This is great if you have apps other than a browser that you’d like to use with Tor. A double-VPN option is also available, which could be used with the Tor browser for a total of two VPNs and the Tor network, if you can tolerate the speed hit. NordVPN also boasts a strict zero logs policy and 256-bit AES encryption. The company accepts Bitcoin.

Apps are available for Windows, MacOS, iOS, and Android.

Note that some experts object to Tor over VPN servers because NordVPN could hypothetically see what users are doing with their Tor connection by analyzing traffic before Tor encrypts it. NordVPN says it keeps zero logs, but if this is a concern, we recommend setting up Tor and the VPN independently.

ExpressVPN recently launched a .onion version of its website for users who want to anonymously make an account. The British Virgin Islands-based company accepts Bitcoin and sticks to a good no-logs policy. Some non-identifying information is logged such as dates (not times), choice of server location, and total amount of data transferred each day. Cutting-edge encryption is used by default including 256-bit AES encryption, 4,096-bit DHE-RSA keys with perfect forward secrecy, and SHA512 authentication.

ExpressVPN is highly rated, fast, user-friendly and has apps available for Windows, MacOS, Android, iOS, and Linux (command line).

CyberGhost doesn’t have any Tor-specific features, but it is the only VPN to earn a perfect score in our 2018 security and privacy assessment. For this reason, it pairs well with the Tor Browser. CyberGhost assigns each user a unique anonymous ID, and the email address you use to sign up is encrypted. This prevents third parties from connecting a users’ email address to their CyberGhost account. CyberGhost stores no identifying logs.

The company is based in Romania, which has no mandatory data retention laws. Strong encryption, leak protection, a kill switch, and perfect forward secrecy are all included in the apps, even on mobile. Speeds are plenty fast enough to handle Tor traffic.

Apps are available for Windows, MacOS, iOS, and Android. You may connect up to seven devices at a time.

AirVPN was the only provider to earn a perfect score in our VPN privacy assessment. It’s not the fastest or most user-friendly but it is the only provider we know of to build VPN over Tor into its apps, which routes traffic first through the Tor network and then through the VPN. The traffic is encrypted by both the VPN and Tor before it leaves your device. VPN over SSH and VPN over SSL are additional options. AirVPN maintains strong encryption standards: 256-bit encryption, HMAC SHA1 authentication, and DHE-RSA 4,096-bit encryption keys with perfect forward secrecy. It keeps zero logs and accepts bitcoin, several other cryptocurrencies, and some gift cards.

BolehVPN supports Tor over VPN on certain OpenVPN TCP servers. It maintains a zero logs policy except in cases of suspected abuse, such as performing DDoS attacks or sending spam. It checks off all of the criteria for unbreakable security: 256-bit AES channel encryption, 2,048-bit RSA keys with perfect forward secrecy, and SHA-512 HMAC authentication. BolehVPN accepts Bitcoin and Dash.

Apps are available for Windows, MacOS, Android, and iOS.

Note that some experts object to Tor over VPN servers because BolehVPN could hypothetically see what users are doing with their Tor connection by analyzing traffic before Tor encrypts it. BolehVPN says it keeps zero logs, but if this is a concern, we recommend setting up Tor and the VPN independently.

Hotspot Shield

Privacy advocates earlier this year filed a formal complaint with the FTC alleging freemium VPN provider Hotspot Shield illegally hijacked HTTP requests for certain ecommerce websites, redirecting users to affiliate sites where it stood to financially benefit. The complaint also accuses Hotspot Shield of injecting tracking cookies into users’ browsers to collect browsing data used by third-party ad agencies. Until these allegations are cleared up, we recommend avoiding Hotspot Shield.

PureVPN

A man accused of cyber stalking was recently arrested by the FBI thanks in part to records provided by Hong Kong-based VPN provider PureVPN. The individual used PureVPN in an attempt to hide his identity, but the provider handed over logs that ultimately led to his arrest. PureVPN has since updated its privacy policy to state that it keeps absolutely no logs, but Tor users should probably still steer clear.

Why use a VPN with Tor?

A VPN encrypts all of a device’s traffic and routes it through a remote server in a location of your choosing. This assigns the user a new IP address–a string of numbers and decimals unique to a device that can be used to pinpoint the user’s location. The encryption prevents internet service providers from being able to monitor your activity.

While most good VPN providers offer a “no logs” policy, VPNs still require a degree of trust that the provider won’t record user traffic or give in to corporations, hackers, and governments that demand user information. Your activity is private, but not necessarily anonymous.

Tor encrypts the user’s traffic and routes it through several nodes run by volunteers, known as the Tor network. Every time a new website request is sent, the route changes, making it next to impossible for anyone to trace the user. Unlike a VPN service, there’s no central authority that controls the traffic flow, so trust is not necessary.

These entry and exit nodes are well documented, however, so both your ISP and the destination server can easily find out if you’re using Tor. Some ISPs, websites, apps, and governments will block traffic to and from Tor entry and exit nodes altogether. In some countries, simply accessing the Tor network will get your name added to an ISP’s naughty list. That means your activity is anonymous, but not entirely private.

VPNs are faster and thus more suitable for streaming video, torrenting, and other download-intensive tasks. Tor is more suitable for anonymous web browsing and accessing .onion websites on the DarkNet.

For extra protection and more flexibility, Tor and a VPN can be combined. Traffic can be encrypted by both and then channeled first through the Tor network and then over a VPN (VPN over Tor) or vice versa (Tor over VPN). We’ll discuss the pros and cons of both configurations further down, but first let’s talk about which VPNs are most suitable for Tor users. Note that while combining Tor with a VPN will improve anonymity and privacy, it will have a heavier impact on connection speed and latency than using either one on its own.

Can I use a free VPN with Tor?

Yes, but you might be doing more harm than good. Technically, nothing is stopping you from connecting to a free VPN service and firing up the Tor browser.

Be wary of free VPNs. They look enticing on the surface, but in reality, they often use substandard encryption, poor logging policies, force users to wait in queues to connect and impose data or bandwidth caps on users. They often have fewer servers and IP addresses, which makes it easier to trace individual users. Many inject advertisements and tracking cookies into users’ browsers, sacrificing their privacy rather than bolstering it.

Tor over VPN vs VPN over Tor

Should you use VPN over Tor or Tor over VPN? Both have their advantages when it comes to both security and usability. We’ll outline the advantages and disadvantages here.

Tor over VPN

You can use Tor over VPN simply by connecting to a VPN and accessing the internet through the Tor browser. Your traffic is encrypted by both Tor and the VPN before leaving your device. The traffic flow looks like this:

Flexibility to use VPN by itself with a normal browser for non-critical tasks

Tor entry node cannot see real IP address

Cons:

Websites can block traffic from Tor exit nodes

VPN can see (and potentially log) your real IP address

Exposes traffic to compromised Tor exit nodes

*Note that NordVPN and BolehVPN could hypothetically analyze your traffic before it’s encrypted by the Tor network when using their Tor-over-VPN-enabled servers. The trade off is that all traffic can be routed through Tor without configuring individual apps to be used with Tor.

VPN over Tor

VPN over Tor is more difficult to set up because it requires configuration on the VPN server. As far as we know, only AirVPN offers this capability. The traffic flow looks like this: